The risks are that an attacker could get at the server that runs a website to spit out its secret keys, allowing them to read to any encrypted communication. It means they can steal passwords and even financial information. About 50% of websites globally are vulnerable.

Major companies are almost certainly aware but small companies running small sites may not be. And there are many of those. Even big companies are scrambling to patch up this bug.

Fortunately, Finnish security firm Codenomicon has already set up a dedicated website to help users and companies protect themselves against the new threat.

Another site, LastPass, has a 'Heartbleed Checker' that lets a user type in a web address to see if a site is at risk from the bug.

Big firms including Facebook,Twitter and Instagram have already released statements to reassure their users that they are upgrading their defences against hacking.

Instagram said they had found "no evidence" of any attempted data theft, while Facebook said they had not seen "any signs of suspicious account activity".

Other firms, such as jobs networking site LinkedIn, said they had not used OpenSSL in the first place and were therefore not at risk.